General
-
Target
MadPassExt.exe
-
Size
621KB
-
Sample
231004-v9pt8sdd7z
-
MD5
d7f3266975644f3797964e044e5b8d5f
-
SHA1
6c053110d4087e013bc341115fbaa84a750a4057
-
SHA256
ac59a704d8652db5ae64c9c4a255157a3e2f1c577307d31b74df496ce4b43bef
-
SHA512
ee3f3f0bc0f666ddbfffcd8226f6a5a32ba0094bc0489371167fbca52820081e81e4140174e40b1edca1bb90066d28e70b14eccc875c6a0845ebbfa384ed9a65
-
SSDEEP
12288:o6IHCy7/eEkxewViP8Dd4N8DNCcJDOCDLy+QuH0h:3yT24wViP8Dd4N8DNCSr
Malware Config
Targets
-
-
Target
MadPassExt.exe
-
Size
621KB
-
MD5
d7f3266975644f3797964e044e5b8d5f
-
SHA1
6c053110d4087e013bc341115fbaa84a750a4057
-
SHA256
ac59a704d8652db5ae64c9c4a255157a3e2f1c577307d31b74df496ce4b43bef
-
SHA512
ee3f3f0bc0f666ddbfffcd8226f6a5a32ba0094bc0489371167fbca52820081e81e4140174e40b1edca1bb90066d28e70b14eccc875c6a0845ebbfa384ed9a65
-
SSDEEP
12288:o6IHCy7/eEkxewViP8Dd4N8DNCcJDOCDLy+QuH0h:3yT24wViP8Dd4N8DNCSr
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-